When you want this
- You want to ask the same questions from a Notion / Obsidian / shell script
- You're building a small internal tool that needs cited answers from your vault
- You want to bulk-import sources from an existing pipeline
Creating an API key
From /settings → API Keys → New key. Give it a label (e.g. "notion-script"). The key is shown once — copy it immediately and store somewhere safe; we can't show it to you again. Format: pvk_live_... (40 chars).
Using the key
Pass it in the Authorization header on any /api/v1/* endpoint. Example:
curl -X POST https://api.peptides-research.institute/api/v1/vaults/<id>/chat \
-H "Authorization: Bearer pvk_live_..." \
-H "Content-Type: application/json" \
-d '{"message": "What does the evidence say about BPC-157?"}'API keys grant the same permissions your account has — your vaults, your sources, your quotas. They don't bypass plan limits.
Per-key rate limits
Each key has its own per-minute / per-day budget on top of your account quotas. Defaults: 60/min and the same daily query cap as your plan. Hitting the per-key limit returns 429.
Revoking a key
From /settings → API Keys, clickRevoke on any key. Effective immediately; the next request with that key returns 401. We don't soft-revoke.
Rotating
We recommend rotating keys every 90 days. Generate a new one, update your script, revoke the old. No bulk-rotate UI yet.
What you can't do with an API key
- Create or delete your account — sign-in needed
- Manage your subscription — sign-in to /billing
- Hit admin endpoints — those check is_admin, not API key scope
Public-demo endpoint via API
/api/v1/public-demo/chat doesn't require an API key — just a Cloudflare Turnstile token. Useful if you want to embed a demo widget on your own site without managing keys.